Are there any plans to implement authoritative DNS server functionality in Omada SDN?
Hello TP-Link people,
I am interested if you have any plans to implement a DNS server (not only a forwarding resolver) in the Omada platform, probably in the gateways?
The gateways already can function as a DHCP server - so it would be logical that they could also support having a local DNS zone inside, for the LAN, with both static (configured) A/AAAA records and also with the possibility to register local clients in the local DNS zone.
It would be enough just to run some open source DNS service that supports locally administered zones, not only DNS forwarder/resolver like it is now.
At present Small/Medium Business users need to deploy a standalone DNS server/appliance, but it would be natural if the Omada Gateway could play that role.
Can you comment on this, please?
With my kind regards,
K.B.
...even something like 'unbound', which is implemented in pfSense, would be fine. Way better than nothing.
Why not set up your own DHCP server? Since you mention this, I did a little research and I do not find any router that has built-in functionality like this. Except for open source firmware.
If you don't want to use the DHCP server commonly accepted, you set up your own by setting up a DHCP server locally.
Your reply honestly does not make sense. Everybody and his dog knows that there can be a standalone DHCP/DNS server.
My point was that since the Omada Gateway already provides DHCP server functionality, and since it also allows DHCP snooping to be implemented ("Legal DHCP Servers" in Omada SDN terminology), what is missing for a completely self-contained IP network is a DNS resolver with the possibility to add static entries and register DHCP-provided entries for the local network. It does not even have to be an authoritative server; a lightweight resolver like unbound could be fine.
This would allow greater network deployment simplicity and would allow the users not to have to add external boxes with separate management.
Sure I can use pfSense router, some other vendor switches and access points too, but we are talking about Omada here, aren't we ?
Regards,
K.
Does pfsense have that functionality in the original firmware? What's the name for that? I can do more study on that and see if I ever come across it on Omada's.
Hello John,
pfSense (and OPNsense) are open source firewalls, I mentioned these just as an example. Both use the 'unbound' open source DNS resolver:
https://en.wikipedia.org/wiki/Unbound_(DNS_server)
There are other open source DNS resolver packages, maybe one of these could be used ?
In my opinion (shared by some other users on the Requests & Suggestions sub-forum here) it would make sense to implement a DNS resolver in the same place as the DHCP server, which is the gateway/router. Omada gateways already function as a DNS forwarder, so they give out their own name as the local DNS server in their DHCP replies and then they forward all queries from local DNS clients to the outside DNS servers configured in the Omada gateway. I do not know if they cache the responses from upstream DNS servers or if they just forward the query each time. Expanding this DNS forwarder feature to a fully featured DNS resolver with local static and DHCP-registered entries for the LAN might be the easiest way to go.
It's maybe not that necessary for a home user, unless he/she has a bigger home/office network that needs local DNS - but for clients like hotels, small/medium businesses, offices etc. it would make a lot of sense to have a DNS resolver integrated in the Omada gateway, especially if they use the DHCP server in Omada gateway.
Bigger environments often have external DHCP/DNS servers, typically from Windows Server, but that is quite a cost and also not every local network actually has local servers; some branch or small networks just connect to a central location or to cloud-based apps, so you cannot expect that every LAN already has a local DNS server. Quite often it's just a router, a few switches and a bunch of Access Points, and for those types of deployments a DNS resolver would be a big benefit.
Best regards,
K. B.
Thanks for the info and I am studying this. :)
Thank you John,
Maybe the internal DNS service in the gateway already can do this - but there is no option in the GUI to add static entries?
Or maybe the gateway already runs some sort of DNS forwarder which could be replaced by a resolver (or users could have an option to enable a resolver), which then could provide local DNS service to register local hosts in a local DNS table, of course without the need to export these local addresses to the outside DNS servers from the WAN (well, such a local DNS would use private IPs so a WAN provider's DNS server would not accept these anyway).
This is more of a Small Business / Branch office feature, where the users do not have local DNS servers but would like to have that functionality.
Also I think this is a relatively lightweight feature, which could fit into the gateway resource limits (CPU, RAM). Or maybe it could be done only for some gateways with bigger CPU/RAM, that could also be an option (but I think even ER605 should be able to serve a small local DNS domain, if resources will be tight then maybe you can put a limit on the max number of local entries etc. ).
With my kind regards,
Krzysztof Bujar
Just to add more info:
I see that the gateways run some embedded OS with Busybox and that they might be tight on CPU and RAM resources, therefore it would be just sufficient to implement the following additions to the current DNS forwarder in the Omada gateways:
1. Allow to create local DNS domain name to be used for local networks.
2. Allow local DHCP clients to register their DHCP IP in the local DNS service running on the gateway.
3. Allow to create static DNS mappings - for the local networks only.
That is much simpler and it would take very little coding and router resources - compared to full-blown DNS servers like BIND or compared to more complex caching resolvers like Unbound and similar.
But that would allow building a fully contained local IP network with both DHCP and DNS services for local hosts.
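The three additions listed in the post above, modelled as a lookup table that sits in front of a forwarder (an added example, not part of the original post and not TP-Link or Omada code). The class name `LocalZone`, the domain `lan.example` and the addresses are constructed for illustration; the model also shows two checks such a feature needs: a DHCP-supplied hostname cannot shadow a static record, and unknown local names and private reverse lookups are answered locally rather than forwarded to the WAN resolver.

```python
import ipaddress

class LocalZone:
    """Toy model: local domain + static records + DHCP-registered names."""
    def __init__(self, domain):
        self.domain = domain.lower().strip(".")  # item 1: local domain name
        self.static = {}                         # item 3: admin-configured records
        self.leases = {}                         # item 2: names learned from DHCP

    def _fqdn(self, name):
        name = name.lower().rstrip(".")
        return name if "." in name else f"{name}.{self.domain}"

    def _is_local(self, fqdn):
        return fqdn == self.domain or fqdn.endswith("." + self.domain)

    def add_static(self, name, ip):
        self.static[self._fqdn(name)] = ipaddress.ip_address(ip)

    def register_lease(self, hostname, ip):
        fqdn = self._fqdn(hostname)
        # Client-chosen names must not shadow static records or leave the local domain.
        if fqdn in self.static or not self._is_local(fqdn):
            return False
        self.leases[fqdn] = ipaddress.ip_address(ip)
        return True

    def resolve(self, name):
        """Return ("answer", ip), ("nxdomain", None) or ("forward", None)."""
        fqdn = self._fqdn(name)
        ip = self.static.get(fqdn, self.leases.get(fqdn))
        if ip is not None:
            return ("answer", str(ip))
        # Unknown local names are answered here, never sent upstream.
        return ("nxdomain", None) if self._is_local(fqdn) else ("forward", None)

    def reverse(self, ip):
        addr = ipaddress.ip_address(ip)
        for table in (self.static, self.leases):
            for fqdn, known in table.items():
                if known == addr:
                    return ("answer", fqdn)
        # Private-range PTR queries stay on the LAN as well.
        return ("nxdomain", None) if addr.is_private else ("forward", None)

if __name__ == "__main__":
    zone = LocalZone("lan.example")              # constructed sample data
    zone.add_static("nas", "192.168.10.5")
    print(zone.resolve("nas"), zone.reverse("192.168.10.5"), zone.resolve("example.org"))
```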
@Smok, I agree this would be a valuable addition.
It seems it's actually possible on some Ubiquiti routers (tweaked to use dnsmasq for DHCP/DNS). A search on "dnsmasq ubiquiti" will quickly locate the article in question.
I came across this for 2 reasons:
* I wanted to monitor activity on my network and found a syslog tool that would do reverse lookups to make the logs easier to read.
Unfortunately, none of the internal addresses resolved...
* After setting up a few VLANs, accessing machines across VLAN boundaries has become cumbersome.
I can still do this using the IP addresses but I'd rather do it by name.
At a minimum, exposing DNS functionality for devices that the DHCP server knows about would seem desirable.
As of now, I'm under the impression that running a standalone DHCP/DNS server is the only option.
There's no way I'm adding HW just for this. I'm already running an OC200 because I didn't want a box for the controller...
It appears I could run dnsmasq in a docker container on my media server (Windows).
I'm a bit concerned about a chicken and egg problem at startup... Especially given the media server in question is not in the default LAN.
I am also looking for this, and was surprised that it is not currently supported.
There are some users requesting the feature in different threads.
Is it possible to get a statement from TP-Link about whether this is at least considered for implementation? If not, I would probably have to dig up my Ubiquiti router again or find some other solution :(